program:
# Fuzzer-generated reproducer in syzkaller program syntax, laid out one call
# per line; the kernel console output it triggered follows the last call.
# Only the 9p calls (pipe2$9p through mount$9p_fd) correspond to frames in the
# call trace logged below. The sound, USB, perf, vsock and netlink calls appear
# unrelated to that trace (TODO confirm by minimising the reproducer).
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040))
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000340), 0x8000000000000001, 0xa2865)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc)
# Emulated USB device; the blob carries idVendor 047f / idProduct ffff, which
# matches the "New USB device found" line in the console output.
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224"], 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0xfffffffffffffffe}, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffffc, 0xfffe}, 0x0, 0xf, 0xffffffffffffffff, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r4, &(0x7f0000000080)={0x28, 0x0, 0x0, @host}, 0x10)
listen(r4, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
# NOTE(review): r5 and r6 are used below but never assigned in this text.
# Presumably they are the two fds returned by this pipe2$9p call and the
# result annotations were lost when the log was extracted; confirm against
# the original reproducer before replaying it.
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0)
# Queues a 0x15-byte 9P message on r6: type byte 0x65 (Rversion), tag 0xffff,
# version string "9P2000.L".
write$P9_RVERSION(r6, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r7 = dup(r6)
# The FUSE-named writes below go to r7, the dup of r6 that mount$9p_fd later
# passes as wfdno. The test process therefore chooses every byte queued on
# this transport; presumably the 9p client parses these bytes as server
# replies (verify against the pipe ends once r5/r6 are confirmed).
write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r7, &(0x7f0000002100)=ANY=[@ANYBLOB="b0000000000000001659ec0889419429aa5db97288b0f8a87ea8e66d9a8b"], 0xb0)
write$FUSE_DIRENTPLUS(r7, &(0x7f0000000140)=ANY=[@ANYBLOB="1000000000000000ce"], 0x10)
write$FUSE_DIRENTPLUS(r7, &(0x7f0000000280)=ANY=[@ANYBLOB="a8"], 0xa8)
write$FUSE_ENTRY(r7, &(0x7f0000000440)={0x90}, 0x90)
# Mounts 9p over trans=fd with rfdno=r5, wfdno=r7 and the posixacl option.
# The call trace in the console output runs v9fs_mount ->
# v9fs_inode_from_fid_dotl -> v9fs_get_acl -> v9fs_fid_get_acl ->
# __kmalloc_noprof and ends in the WARNING at mm/page_alloc.c:4727. Because
# panic_on_warn is set, the log shows the kernel panicking afterwards.
# NOTE(review): v9fs_fid_xattr_get shows up in the trace right before the
# allocation, so the kmalloc size presumably comes from an xattr size reported
# by the peer; confirm in the v9fs ACL code. If that holds, the missing check
# is an upper bound on the peer-supplied size before allocating.
mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r7}, 0x2c, {[{@posixacl}]}}) 
ioctl$sock_SIOCOUTQ(r4, 0x5411, 0x0)
prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f)
prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f)
syz_usb_control_io$hid(r3, 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r2, 0xc0884113, &(0x7f0000000240)={0x1, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffe, 0x2})
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(r2, 0xc06c4124, &(0x7f00000003c0))
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c000000100001040000000008000000a186d83ea47c0000000000f39a5f2b8e907497288fee4ad71d8a84069c8884e47e4b7866cb8762d83ed57bd0f0f0dac1d6e5808125fd518d0e9a5a3ec1be9d5d5e918e089f91472f36352c70590ed7a1bdf14973f972123a07dfff8bb727cb92d005d26a3e9e47672f4feb1c3015c0c3f6b7fe3a892a852a59a338a445b169fcd7e7ce08282f577bf5fc3ae207f81cb20f38fe3b8781d6f8bd8ec64b924110a3f325d935c86494558d8ef69e9a58e4", @ANYRES32=0x0, @ANYBLOB="01000000000000001c0012800b00010067656e65766500000c000280060005004e200000"], 0x3c}}, 0x0)
# End of the program; everything after this line is kernel console output.
[ 59.145967][ T5313] Bluetooth: hci0: command tx timeout [ 59.334070][ T5321] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 59.486882][ T5321] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 59.491405][ T5321] usb 5-1: config 0 has no interfaces? [ 59.493604][ T5321] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 59.497349][ T5321] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 59.503100][ T5321] usb 5-1: config 0 descriptor?? 
[ 60.090671][ T5329] ------------[ cut here ]------------ [ 60.092905][ T5329] WARNING: CPU: 0 PID: 5329 at mm/page_alloc.c:4727 __alloc_pages_noprof+0x3bd/0x710 [ 60.096765][ T5329] Modules linked in: [ 60.098263][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Not tainted 6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0 [ 60.102227][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 60.106330][ T5329] RIP: 0010:__alloc_pages_noprof+0x3bd/0x710 [ 60.108694][ T5329] Code: ff df 0f 85 00 01 00 00 44 89 e9 81 e1 7f ff ff ff a9 00 00 04 00 41 0f 44 cd 41 89 cd e9 f0 00 00 00 c6 05 7d 6d 16 0e 01 90 <0f> 0b 90 41 83 fc 0a 0f 86 1b fd ff ff 45 31 e4 48 c7 44 24 20 0e [ 60.115980][ T5329] RSP: 0018:ffffc9000d277960 EFLAGS: 00010246 [ 60.118364][ T5329] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: 0000000000000000 [ 60.121354][ T5329] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d2779e8 [ 60.124484][ T5329] RBP: ffffc9000d277a68 R08: ffffc9000d2779e7 R09: 0000000000000000 [ 60.127538][ T5329] R10: ffffc9000d2779c0 R11: fffff52001a4ef3d R12: 000000000000000b [ 60.130659][ T5329] R13: 0000000000040d40 R14: 1ffff92001a4ef34 R15: 1ffff92001a4ef30 [ 60.133669][ T5329] FS: 00007fb9bf40f6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 60.137247][ T5329] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 60.139814][ T5329] CR2: 0000000020002100 CR3: 000000004fe68000 CR4: 0000000000352ef0 [ 60.142805][ T5329] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 60.145772][ T5329] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 60.148610][ T5329] Call Trace: [ 60.149812][ T5329] [ 60.150888][ T5329] ? __warn+0x168/0x4e0 [ 60.152407][ T5329] ? __alloc_pages_noprof+0x3bd/0x710 [ 60.154393][ T5329] ? report_bug+0x2b3/0x500 [ 60.156107][ T5329] ? __alloc_pages_noprof+0x3bd/0x710 [ 60.158389][ T5329] ? handle_bug+0x60/0x90 [ 60.160087][ T5329] ? 
exc_invalid_op+0x1a/0x50 [ 60.161946][ T5329] ? asm_exc_invalid_op+0x1a/0x20 [ 60.164364][ T5329] ? __alloc_pages_noprof+0x3bd/0x710 [ 60.166524][ T5329] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 60.168712][ T5329] ? p9_client_clunk+0x1ce/0x260 [ 60.170604][ T5329] ? v9fs_fid_xattr_get+0x327/0x450 [ 60.176340][ T5329] ? __pfx_v9fs_fid_xattr_get+0x10/0x10 [ 60.178368][ T5329] ? lockdep_init_map_type+0xa1/0x910 [ 60.180419][ T5329] ___kmalloc_large_node+0x8b/0x1d0 [ 60.182393][ T5329] __kmalloc_large_node_noprof+0x1a/0x80 [ 60.184573][ T5329] ? v9fs_fid_get_acl+0x4f/0x100 [ 60.186439][ T5329] __kmalloc_noprof+0x2ae/0x400 [ 60.188387][ T5329] ? __pfx_v9fs_cache_inode_get_cookie+0x10/0x10 [ 60.190968][ T5329] v9fs_fid_get_acl+0x4f/0x100 [ 60.192795][ T5329] v9fs_get_acl+0x96/0x350 [ 60.194682][ T5329] v9fs_inode_from_fid_dotl+0x22d/0x2c0 [ 60.196935][ T5329] v9fs_mount+0x718/0xa90 [ 60.198597][ T5329] ? __pfx_v9fs_mount+0x10/0x10 [ 60.200533][ T5329] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 60.202603][ T5329] legacy_get_tree+0xee/0x190 [ 60.204581][ T5329] ? __pfx_v9fs_mount+0x10/0x10 [ 60.206425][ T5329] vfs_get_tree+0x90/0x2b0 [ 60.208074][ T5329] do_new_mount+0x2be/0xb40 [ 60.209724][ T5329] ? __pfx_do_new_mount+0x10/0x10 [ 60.211527][ T5329] __se_sys_mount+0x2d6/0x3c0 [ 60.213299][ T5329] ? __pfx___se_sys_mount+0x10/0x10 [ 60.215223][ T5329] ? do_syscall_64+0x100/0x230 [ 60.216880][ T5329] ? __x64_sys_mount+0x20/0xc0 [ 60.218587][ T5329] do_syscall_64+0xf3/0x230 [ 60.220271][ T5329] ? 
clear_bhb_loop+0x35/0x90 [ 60.222054][ T5329] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.224314][ T5329] RIP: 0033:0x7fb9be57e719 [ 60.226009][ T5329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.232743][ T5329] RSP: 002b:00007fb9bf40f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 60.235883][ T5329] RAX: ffffffffffffffda RBX: 00007fb9be736130 RCX: 00007fb9be57e719 [ 60.238742][ T5329] RDX: 0000000020000b80 RSI: 00000000200003c0 RDI: 0000000000000000 [ 60.241514][ T5329] RBP: 00007fb9be5f175e R08: 0000000020000500 R09: 0000000000000000 [ 60.244446][ T5329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 60.247322][ T5329] R13: 0000000000000000 R14: 00007fb9be736130 R15: 00007ffd55241f18 [ 60.249929][ T5329] [ 60.251062][ T5329] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 60.253692][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Not tainted 6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0 [ 60.257247][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 60.261152][ T5329] Call Trace: [ 60.262352][ T5329] [ 60.263374][ T5329] dump_stack_lvl+0x241/0x360 [ 60.264979][ T5329] ? __pfx_dump_stack_lvl+0x10/0x10 [ 60.266923][ T5329] ? __pfx__printk+0x10/0x10 [ 60.268587][ T5329] ? vscnprintf+0x5d/0x90 [ 60.270174][ T5329] panic+0x349/0x880 [ 60.271695][ T5329] ? __warn+0x177/0x4e0 [ 60.273253][ T5329] ? __pfx_panic+0x10/0x10 [ 60.274893][ T5329] __warn+0x34b/0x4e0 [ 60.276425][ T5329] ? __alloc_pages_noprof+0x3bd/0x710 [ 60.278476][ T5329] report_bug+0x2b3/0x500 [ 60.280138][ T5329] ? 
__alloc_pages_noprof+0x3bd/0x710 [ 60.282026][ T5329] handle_bug+0x60/0x90 [ 60.283458][ T5329] exc_invalid_op+0x1a/0x50 [ 60.285139][ T5329] asm_exc_invalid_op+0x1a/0x20 [ 60.286721][ T5329] RIP: 0010:__alloc_pages_noprof+0x3bd/0x710 [ 60.288912][ T5329] Code: ff df 0f 85 00 01 00 00 44 89 e9 81 e1 7f ff ff ff a9 00 00 04 00 41 0f 44 cd 41 89 cd e9 f0 00 00 00 c6 05 7d 6d 16 0e 01 90 <0f> 0b 90 41 83 fc 0a 0f 86 1b fd ff ff 45 31 e4 48 c7 44 24 20 0e [ 60.296133][ T5329] RSP: 0018:ffffc9000d277960 EFLAGS: 00010246 [ 60.298368][ T5329] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: 0000000000000000 [ 60.301117][ T5329] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d2779e8 [ 60.304109][ T5329] RBP: ffffc9000d277a68 R08: ffffc9000d2779e7 R09: 0000000000000000 [ 60.307071][ T5329] R10: ffffc9000d2779c0 R11: fffff52001a4ef3d R12: 000000000000000b [ 60.310097][ T5329] R13: 0000000000040d40 R14: 1ffff92001a4ef34 R15: 1ffff92001a4ef30 [ 60.313048][ T5329] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 60.315134][ T5329] ? p9_client_clunk+0x1ce/0x260 [ 60.317039][ T5329] ? v9fs_fid_xattr_get+0x327/0x450 [ 60.318987][ T5329] ? __pfx_v9fs_fid_xattr_get+0x10/0x10 [ 60.320875][ T5329] ? lockdep_init_map_type+0xa1/0x910 [ 60.322794][ T5329] ___kmalloc_large_node+0x8b/0x1d0 [ 60.324671][ T5329] __kmalloc_large_node_noprof+0x1a/0x80 [ 60.326804][ T5329] ? v9fs_fid_get_acl+0x4f/0x100 [ 60.329084][ T5329] __kmalloc_noprof+0x2ae/0x400 [ 60.331246][ T5329] ? __pfx_v9fs_cache_inode_get_cookie+0x10/0x10 [ 60.333356][ T5329] v9fs_fid_get_acl+0x4f/0x100 [ 60.335109][ T5329] v9fs_get_acl+0x96/0x350 [ 60.336815][ T5329] v9fs_inode_from_fid_dotl+0x22d/0x2c0 [ 60.338952][ T5329] v9fs_mount+0x718/0xa90 [ 60.340548][ T5329] ? __pfx_v9fs_mount+0x10/0x10 [ 60.342270][ T5329] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 60.344202][ T5329] legacy_get_tree+0xee/0x190 [ 60.345901][ T5329] ? 
__pfx_v9fs_mount+0x10/0x10 [ 60.347634][ T5329] vfs_get_tree+0x90/0x2b0 [ 60.349197][ T5329] do_new_mount+0x2be/0xb40 [ 60.350833][ T5329] ? __pfx_do_new_mount+0x10/0x10 [ 60.352795][ T5329] __se_sys_mount+0x2d6/0x3c0 [ 60.354611][ T5329] ? __pfx___se_sys_mount+0x10/0x10 [ 60.356562][ T5329] ? do_syscall_64+0x100/0x230 [ 60.358355][ T5329] ? __x64_sys_mount+0x20/0xc0 [ 60.360244][ T5329] do_syscall_64+0xf3/0x230 [ 60.362023][ T5329] ? clear_bhb_loop+0x35/0x90 [ 60.363874][ T5329] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.366130][ T5329] RIP: 0033:0x7fb9be57e719 [ 60.367795][ T5329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.374808][ T5329] RSP: 002b:00007fb9bf40f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 60.377929][ T5329] RAX: ffffffffffffffda RBX: 00007fb9be736130 RCX: 00007fb9be57e719 [ 60.380923][ T5329] RDX: 0000000020000b80 RSI: 00000000200003c0 RDI: 0000000000000000 [ 60.383946][ T5329] RBP: 00007fb9be5f175e R08: 0000000020000500 R09: 0000000000000000 [ 60.386967][ T5329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 60.390001][ T5329] R13: 0000000000000000 R14: 00007fb9be736130 R15: 00007ffd55241f18 [ 60.393077][ T5329] [ 60.394504][ T5329] Kernel Offset: disabled [ 60.396237][ T5329] Rebooting in 86400 seconds..